[Cryptography] [FORGED] Re: Hope Apple Fights This!

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Feb 17 23:28:06 EST 2016


Kevin W. Wall <kevin.w.wall at gmail.com> writes:

>If this were just about getting access to THIS PARTICULAR phone, does anyone
>believe that the NSA TAO couldn't do it, even if it meant surreptitiously
>stealing Apple's current source code and signing key(s).

You don't even need to do that, just use a glitch attack a la smart card
hackers 20+ years ago.  Unless the checking code is something like:

  result = constant-time-memcmp( entered-PIN, stored-PIN );
  decrement counter;
  if result = FALSE goto retry;
  increment counter;

which it probably won't be, it'll be more like:

  if( memcmp( entered-PIN, stored-PIN ) != 0 ) {   /* PINs differ */
    decrement counter;
    goto retry;
  }

then all you need to do is reset the CPU before the counter is decremented, or
just walk down the memcmp() with a timing attack.  It helps if you can
underclock the CPU, which seems to be do-able on most CPUs in devices like
this.

Peter.
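
The two orderings contrasted in the message above, modelled in C as an added example (not code from the post or from any vendor). The PIN value, the in-memory counter standing in for non-volatile storage, and the reset_at parameter that models a reset forced after a given step are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PIN_LEN 4
#define MAX_TRIES 10

/* Constructed stand-ins: on a device these live in non-volatile storage. */
static const uint8_t stored_pin[PIN_LEN] = { '4', '7', '1', '1' };
static int tries_left = MAX_TRIES;

/* No early exit, so run time does not depend on how many bytes match. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Charge the attempt first, refund only on success (first ordering).
   Returns 1 unlocked, 0 rejected, -1 locked out, -2 modelled reset hit. */
int check_pin_charge_first(const uint8_t *entered, int reset_at)
{
    if (tries_left <= 0) return -1;
    tries_left--;                              /* step 1: decrement counter */
    if (reset_at == 1) return -2;
    int ok = ct_equal(entered, stored_pin, PIN_LEN);   /* step 2: compare */
    if (reset_at == 2) return -2;              /* attempt is already charged */
    if (!ok) return 0;
    tries_left++;                              /* step 3: increment counter */
    return 1;
}

/* Compare first, decrement only on mismatch (second ordering). */
int check_pin_compare_first(const uint8_t *entered, int reset_at)
{
    if (tries_left <= 0) return -1;
    int differ = memcmp(entered, stored_pin, PIN_LEN); /* step 1: early-exit compare */
    if (reset_at == 1) return -2;              /* counter was never written */
    if (differ) { tries_left--; return 0; }    /* step 2: decrement counter */
    return 1;
}

int get_tries(void) { return tries_left; }
void set_tries(int n) { tries_left = n; }
```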

